NS-Link versus SocketServer security [message #1056]
Mon, 22 October 2018 09:46
BobF
My company is using a handful of Devicemaster 32 port ethernet gateways. I was using a web browser and the device IP to log in to the Devicemaster and I was getting some different results from some of them.
A few prompted me with a username and password and when I logged in, it showed it was running SocketServer 11.11. On a few others, it would not prompt for a password and it showed it was running NS-Link 6.12.
I need to have all my devices the same and I really need to ensure they are all password protected. Because of the fact that one shows it running SocketServer and the other NS-Link, I did not want to blindly go and try to update anything in fear of locking it up. I looked through the Firmware revision history for SocketServer but I could not see if there was a time when the Software/Firmware name changed or why exactly I see two different GUI's when I connect to these Devicemasters via a web browser.
1. Do I need to update the device to a newer version of SocketServer to get the password logon feature I want, or is there a way to have this function with the NS-Link 6.12 currently running? I do not like how I can configure ports and other options without any security at all.
2. Will updating the firmware give the more feature-rich GUI of what I see in SocketServer 11.11 that NS-Link 6.12 lacks?
3. Is it possible to update this firmware remotely over a telnet session, or will I need to do this in person directly connected to the device? I have these devices at several remote locations.
Thanks
Bob F
Minnkota Power Cooperative
Re: NS-Link versus SocketServer security [message #1057 is a reply to message #1056]
Mon, 22 October 2018 10:09
Kurt
Hi BobF,
Regarding your questions:
Quote:My company is using a handful of Devicemaster 32 port ethernet gateways. I was using a web browser and the device IP to log in to the Devicemaster and I was getting some different results from some of them.
A few prompted me with a username and password and when I logged in, it showed it was running SocketServer 11.11. On a few others, it would not prompt for a password and it showed it was running NS-Link 6.12.
SocketServer indicates that the driver is not communicating to the DeviceMaster. Usually, this happens when using "Socket Mode" to communicate (IP Address and socket port number). Or, the driver may not be configured to work with that particular DeviceMaster.
Quote:I need to have all my devices the same and I really need to ensure they are all password protected. Because of the fact that one shows it running SocketServer and the other NS-Link, I did not want to blindly go and try to update anything in fear of locking it up. I looked through the Firmware revision history for SocketServer but I could not see if there was a time when the Software/Firmware name changed or why exactly I see two different GUI's when I connect to these Devicemasters via a web browser.
See above comment:
Quote:1. Do I need to update the device to a newer version of SocketServer to get the password logon feature I want, or is there a way to have this function with the NS-Link 6.12 currently running? I do not like how I can configure ports and other options without any security at all.
One way to set the password that is consistent across most firmware versions is via Telnet. See this article for details:
http://downloads.comtrol.com/contribs/devicemaster/help_files/password_protect_the_devicemaster_web_page_&_telnet_sessions.pdf
Another way to set a password is through the web page for the DeviceMaster. For firmware versions 11.x and above do the following:
1. Open the web page of the DeviceMaster.
2. Go to the Network Tab -> Password
3. Leave the Old Password blank if you don't have one previously set. Enter the new password for the DeviceMaster in the "New Password" field and "Confirm New Password" field.
4. Click on the "Save" button.
5. To test, click on the home tab. Enter 'admin' for "Username" and your new password.
6. Please note that some special characters will be a problem with older versions of the firmware (pre 11.x)
Quote:2. Will updating the firmware give the more feature-rich GUI of what I see in SocketServer 11.11 that NS-Link 6.12 lacks?
Update Bootload as well as SocketServer. This can be found here:
http://downloads.comtrol.com/html/DM_PRO_RTS_SERIALHUB_firmware.htm
Quote:3. Is it possible to update this firmware remotely over a telnet session, or will I need to do this in person directly connected to the device? I have these devices at several remote locations
Yes to both. Please see above comments.
I hope I answered your questions. Please let me know if anything else comes to mind.
If a password doesn't work and needs to be removed, please follow these steps.
Note on removing the password: this will be done in "Console Mode". Ensure the bootloader timeout is set to a minimum of 30 seconds to allow access to the "Redboot prompt" (bootloader mode).
http://downloads.comtrol.com/contribs/devicemaster/help_files/clearing_unknown_password.pdf
Thanks,
Kurt
Kurt Rees
www.comtrol.com
http://forum.comtrol.com/
Comtrol Corporation
100 Fifth Ave NW
Minneapolis, MN. 55112
Direct +1 763.957.6000 | +1 Fax (763) 957-6001
connect. communicate. control
Re: NS-Link versus SocketServer security [message #1059 is a reply to message #1056]
Mon, 22 October 2018 10:56
BobF
Thanks for the information. The first reply you gave about the driver raises a few questions that I need answers on so I can better understand the security:
I assume the driver you are referring to is one in the Devicemaster (DM) itself? Or is it something on the computer that is being used to connect to the DM? I was using the same computer to log into all of my Devicemasters when some showed NS-Link and others showed SocketServer. I like how on the DM's that showed SocketServer, it asked for the user and password. In your replies above, it almost seems as if I had the correct driver, it should show up as NS-Link and there would be no prompt for a password?
My concern is if someone had the IP address of my DM and they tried connecting, that they could then immediately see my config and port info if they had the "correct driver". I don't want to assume the ones that are prompting me for a username and password are secure if I am only being prompted because of a lack of a proper driver. The ones that are not prompting for a password are apparently using the proper driver since they show NS-Link.
In the end I am hoping that there is a way to make the DM prompt for a user/password no matter the way you choose to connect to it. Using PuTTY via Telnet does prompt for a password on the ones I set up that way, but over a common web browser there is no password for those same DM's with the driver that allows it to show NS-Link.
Bob F
Minnkota Power Cooperative
Re: NS-Link versus SocketServer security [message #1060 is a reply to message #1059]
Mon, 22 October 2018 12:58
Kurt
Hi BobF,
Quote:I assume the driver you are referring to is one in the Devicemaster (DM) itself? Or is it something on the computer that is being used to connect to the DM? I was using the same computer to log into all of my Devicemasters when some showed NS-Link and others showed SocketServer. I like how on the DM's that showed SocketServer, it asked for the user and password. In your replies above, it almost seems as if I had the correct driver, it should show up as NS-Link and there would be no prompt for a password?
The driver referred to is for the DeviceMaster, see here:
http://downloads.comtrol.com/html/DM_PRO_RTS_SERIALHUB_drivers.htm
If you configured a password it should ask for a password regardless of using a driver or when using Socket mode.
Quote:My concern is if someone had the IP address of my DM and they tried connecting, that they could then immediately see my config and port info if they had the "correct driver". I don't want to assume the ones that are prompting me for a username and password are secure if I am only being prompted because of a lack of a proper driver. The ones that are not prompting for a password are apparently using the proper driver since they show NS-Link.
Within the web page of the new firmware v11.x, you can go to "Network" -> "Security", create your password, and select 'Enable Secure Config Mode'. Next, reboot.
This will enable https:// functionality and will require a password.
If using PortVision, you will be required to enter the username / password to get to the Properties GUI.
Telnet would require SSH on port 22. You will be asked for the username and password.
Quote:In the end I am hoping that there is a way to make the DM prompt for a user/password no matter the way you choose to connect to it. Using PuTTY via Telnet does prompt for a password on the ones I set up that way, but over a common web browser there is no password for those same DM's with the driver that allows it to show NS-Link.
You should be ok with the above suggestions.
If you want to do this via telnet, the command would be:
Command to set your password
password <your_password>
Command to set secureconf:
secureconf enable
Kurt
Kurt Rees
www.comtrol.com
http://forum.comtrol.com/
Comtrol Corporation
100 Fifth Ave NW
Minneapolis, MN. 55112
Direct +1 763.957.6000 | +1 Fax (763) 957-6001
connect. communicate. control
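
To confirm the outcome this thread is after (every unit prompts for credentials however it is reached), the check can be scripted across the fleet. This is an added example, not part of the original posts and not Comtrol code; it assumes the web password prompt is an HTTP 401 challenge and that Secure Config Mode exposes HTTPS on the default port 443 alongside SSH on port 22, and the addresses are constructed placeholders.

```python
import http.client
import socket

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_status(host, port=80, timeout=3.0):
    """Status code of an unauthenticated GET / over plain HTTP, or None."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def observe(host):
    """Collect the management-plane facts discussed in the thread."""
    return {"http": http_status(host),
            "https": port_open(host, 443),   # assumed default HTTPS port
            "telnet": port_open(host, 23),
            "ssh": port_open(host, 22)}

def findings(obs):
    """Map observations to findings; an empty list means nothing was flagged."""
    out = []
    status = obs["http"]
    # Assumption: a protected page answers 401/403 or redirects (3xx) to HTTPS.
    if status is not None and status not in (401, 403) and not 300 <= status < 400:
        out.append("web page served over HTTP without an authentication challenge")
    if obs["telnet"]:
        out.append("Telnet (23) reachable; confirm it prompts for a password")
    if not obs["https"]:
        out.append("HTTPS (443) not reachable; Secure Config Mode looks disabled")
    if not obs["ssh"]:
        out.append("SSH (22) not reachable; Secure Config Mode looks disabled")
    return out

if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); substitute your own units.
    for host in ["192.0.2.10", "192.0.2.11"]:
        print(host, findings(observe(host)) or "no findings")
```

A unit that answers 200 may still present a form-based login, so treat the first finding as a prompt to look at that device in a browser rather than as proof that it is open.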